Computerised identity matching management

ABSTRACT

A computerized identity matching management system including a computer receiving a request from a capture apparatus waiting to commence a biometric capture process, to initiate the capture process is disclosed. The computer responds to the request to return a message to the capture apparatus at a first instant in time, the message containing a unique code, and where receipt of the message containing the code at the capture apparatus causes initiation of the capture process. The computer, after returning a message, receives a captured biometric from the capture apparatus coded with the code, at a second instant in time. The computer operates, when the second instant is less than a predetermined time later than the first instant, to decode the captured biometric and initiate a matching process to find a match for the decoded captured biometric against records and to generate an identification code when a match is found.

TECHNICAL FIELD

This invention concerns computerised identity matching management. Identity matching can be performed in a number of ways. The invention is concerned with managing the provision of identity matching services to enable users to gain appropriate access to various facilities or services. This invention is provided in a number of different species. First it is provided as a process, then it is provided as a unit and system. It is also provided as essential messages.

BACKGROUND ART

The iris is formed by a process of chaotic morphogenesis, which means that its final structure is randomly derived. As a result every eye is different. Even identical twins, or clones for that matter, have a unique iris in each eye. Iris scans can therefore be used to produce a biometric which will accurately identify individuals. The outlier population—those unable to use iris recognition due to eye or iris damage—is less than 2%, the smallest outlier population of any biometric.

The concept of iris recognition was developed and patented by Iridian Technologies Inc, and their concept patent U.S. Pat. No. 4,641,349 describes the use of the iris to identify individuals. U.S. Pat. No. 5,291,560 describes a method by which a biometric, including the iris pattern of an individual, can be used as the basis of an identification technique.

Briefly, the Iridian technology involves the use of an appropriate camera designed to photograph the iris of an individual user. Proprietary software associated with the camera captures the iris image and checks it is of suitable quality and that it has sufficient iris content to match successfully. This software is designed to operate only for a predetermined time after image capture commences, and the process has to be restarted if a suitable image is not obtained within that time period.

An authentication server stores as records iriscodes, which are templates derived from iris images. Each record is stored with an associated customer ID number. When the server receives an image from the software, it confirms image integrity before initiating a recognition process by comparing the received iriscode with the stored iriscode records. When a match is made the server is able to issue the customer ID number of the matched record to a service provider. The match may be verification (1:1 matching) or identification (1:many matching).

The service provider is then able to access its own records to determine the identity of the individual from the customer ID number and allocate rights to that individual accordingly—for instance access rights, or rights to conduct predetermined types of transactions.

DISCLOSURE OF INVENTION

In a first aspect, the invention is a computerised identity matching management process, comprising the steps of:

a management computer receiving a request, from capture apparatus waiting to commence a biometric capture process, to initiate the capture process;

the management computer responding to the request to return a message to the capture apparatus at a first instant in time, the message containing a unique code, and where receipt of the message containing the code at the capture apparatus causes initiation of the capture process;

the management computer, after returning a message, receiving a captured biometric from the capture apparatus coded with the code, at a second instant in time; and

the management computer operating, when the second instant is less than a predetermined time later than the first instant, to decode the captured biometric and initiate a matching process to find a match for the decoded captured biometric against stored records and to generate an identification code when a match is found.

The essence of the invention is the time limit imposed on the period between the issue of the unique code which initiates the capture process, and the receipt of the biometric coded with the code. The same code is only ever issued once. This time limit is determined according to the time required for the capture process, and serves to reduce the possibility of the introduction of a false biometric. For instance a time limit of ninety seconds has been found to be suitable when an iris biometric is to be captured.

In a second aspect, the invention is a computerized identity matching management unit, comprising:

a management computer programmed to receive a request, from capture apparatus waiting to commence a biometric capture process, to initiate the capture process.

The computer is also programmed to respond to the request to return a message to the capture apparatus at a first instant in time, the message containing a unique code, and where receipt of the message containing the code at the capture apparatus causes initiation of the capture process.

The computer is also programmed to receive a captured biometric coded with the code at a second instant in time, after the first instant.

The computer is further programmed, when the second instant is less than a predetermined time later than the first instant, to decode the captured biometric and initiate a matching process to find a match for the biometric against stored records and to generate an identification code when a match is found.

The management computer will typically sit on a message oriented middleware (MOM) platform. The middleware platform may comprise e-business infrastructure products such as those provided by TIBCO ActiveEnterprise, in particular TIB/Rendezvous, TIB/Adapter and TIB/Hawk. This facilitates secure and transparent communications between capture apparatus, such as an Iridian camera installation where a user has an iris biometric captured; an authentication server together with its own secure database, also available from Iridian, where matching takes place; and a service provider's computer system which holds records of users and their access rights.

A network of distributed management computers could be employed with the nearest computer being used for each identity check. This allows for load sharing, redundancy and minimization of network latency. Of course, the management computer could be combined with an authentication server. It may also be incorporated into the service provider's computer system if required. In this case further networked computers could be made available for off-site redundancy.

In a third aspect, the invention is a computerized identity matching management system, comprising the unit in combination with an authentication server to perform the matching process to find a match for the biometric against stored records and to generate an identification code when a match is found.

The system may also be incorporated with a service provider's computer system.

The management computer need hold no personal or account details of the users. It may receive no data other than any identity information provided by the user in using the identity matching process, or routed back from the authentication computer to the service provider. As a result, users do not risk their privacy when having their identity checked. In fact the management computer provides a privacy protection layer for both user and service provider.

In addition, the management computer separates the identity matching process from the subsequent application run between the user and the service provider. The only link is any information provided by the user when using the identity matching process.

In a more detailed identity matching process, the user may access the service provider's website, and then launch a client program of the management computer resident on the website. The client sends a request to the management computer for a ‘message authentication code’, and the management computer responds by sending a unique code having a predetermined time limit on its validity.

At the website the client receives the code and initiates the Iridian proprietary software to capture an image of the user's iris. The captured image may be encrypted, compressed and coded with the message authentication code. It is then packed with any required identifiers and sent back to the management computer.

The management computer receives the package and checks it for validity, in particular whether the code is still valid. It also checks for integrity. The package is decompressed and decrypted and the image is then passed to an authentication server for matching. The image may be directly matched, or a template may be generated from it, say by using the Daugman Algorithm, and the template matched.

If the match is made, an identifier is retrieved from the authentication server and provided to the service provider. The service provider looks up its own records using the identifier to determine who the user is and what access or transaction rights they are to be allowed.

Two applications currently exist in Australia for the management computer, AKITA (formerly iService) and GIDDiY. There are also bespoke applications which will support the management computer.

In a fourth aspect the invention is an electronic message for transmission by a management computer during a computerized identity matching process to biometric capture apparatus after the management computer has received a request, from the capture apparatus, to initiate the capture process; the electronic message comprising a unique code. Receipt of the message at the capture apparatus causes initiation of the capture process.

In a fifth aspect the invention is a second electronic message for transmission by a biometric capture apparatus during a computerized identity matching process to a management computer after the capture process has been completed. The second electronic message comprises a captured image coded with the unique code obtained from the management computer.

A computer readable storage medium storing a computer program which, when executed, performs a method of computerized identity matching management.

BRIEF DESCRIPTION OF DRAWINGS

An example of the system will now be described with reference to the accompanying drawings, in which:

FIG. 1 is a schematic diagram of a computerized identity matching management system and its working environment; and

FIG. 2 is a flow chart showing the operation of a computerized identity matching management process.

BEST MODES FOR CARRYING OUT THE INVENTION

FIG. 1 is an overview of the elements required to perform a computerized identity matching management process. At the heart of the elements is a management computer 20 programmed to receive and transmit messages through a firewall 30 and over the Internet 40 to client software 50. The client software 50 may reside in a laptop 60 or PC 70 for personal use, on a network 80 for access by many users, or on any application with processor dependent functions. In any event, the client software 50 works together with Iridian PrivateID software 90 and an Iridian Technologies iris recognition camera 100, such as the (Panasonic) Authenticam. (The process of supporting an identification management function is not restricted to biometric interfaces, nor is it restricted to the KnoWho Authentication Server (KWAS).) The Authenticam™ video camera is specifically designed for use in iris recognition. Its features include:

-   A specialized lens to photograph the iris.
-   A base that rests on the user's computer or monitor.
-   A USB connection to the user's computer.
-   An auxiliary lens to support standard video-conferencing applications.
-   Safety—meeting the appropriate requirements for a consumer camera.

The management computer 20 will typically sit on a middleware platform 130. The middleware platform 130 comprises e-business infrastructure products such as those provided by TIBCO ActiveEnterprise, in particular TIB/Rendezvous, TIB/Adapter and TIB/Hawk.

TIB/Rendezvous provides the following benefits:

-   Subject-based addressing (network details are hidden).
-   Allows for fast application development.
-   Provides platform independence at the hardware, operating system, network configuration and protocol levels.
-   Component processes can be removed, replaced or added without downtime.
-   Applications can scale easily.
-   Location transparency.
-   Provides anonymous communication between clients/hosts.
-   Transparent coexistence with other communications protocols on the same computers and networks.
-   Low overheads: C library size <100 kB, programs in the vicinity of 64 kB, communications executable daemon of 100 kB.
-   Is thread safe and multiple processor safe.
-   Supports multicast addressing.
-   Distributed licensing.

TIB/Adapter is built so as to connect the Iridian KnoWho Authentication Server 140 to the TIB. The TIB/Iridian Adapter allows a “no-coding” approach to integration with the TIB.

TIB/Hawk is a tool for monitoring and managing distributed applications and systems within a network. System administrators can use it to monitor application parameters, behavior and loading for all nodes, and take action when pre-defined conditions occur. Using it, runtime failures can be repaired automatically within seconds of their discovery, reducing downtime.

The Iridian Technologies KnoWho Authentication Server 140 accepts the iris image sent from a camera, confirms the image integrity, and then sends it through the iris recognition process for verification against records stored in its cache, which in turn is drawn from the secure database 150. Verification may involve 1:1 matching or 1:many identification, depending upon the strategy needed by the service provider's Transaction Application.

The database 150 stores three types of biometric information with the Subject's ID number:

-   iriscode templates (left or right eye or both) in cache and on disk
-   Iris images (left or right eye or both) on disk—optional; used for re-enrolment purposes
-   Portrait images (JPEGs of a VGA image, ~20 KB) on disk—optional.

The KnoWho Authentication Server does not store personal data, but does index each iriscode template with a customer ID number (CIN), preserving privacy. The iriscode record is not available to the client that communicates the iris image.

The customer ID is then forwarded to the service provider 120 back through the middleware platform 130 and a firewall 160.

When a user 110 wishes to access the services of a service provider 120, they launch the service provider's website and/or application and start a session 200, as shown in FIG. 2.

The website requires session based identification (it could be transaction based identification) and requests the user to select to use a conventional username/password, or the biometric identification service 210.

In the event that the user selects conventional identification 211, the session may continue 212 in a conventional fashion. The client input is completed 213, the service provider session is not enabled for biometric identity matching 214 and the session is able to be processed 215 to its conclusion 216—none of which is of interest to this example of the invention.

In the event that the biometric identification service is selected 220, the client software 50 is launched and captures the Iridian PrivateID software 90 to take control of the video camera 100. The client also puts the session on hold.

Then the client software 50 sends a request to management computer 20 for a Message Authentication Code (MAC).

The management computer 20 responds to the client request and issues a MAC. The MAC has variable time validity and is unique (i.e. it is only ever issued once).

The client software 50 receives the MAC and the PrivateID 90 processes commence to capture an iris image.

To use the Authenticam camera 100 the user 110 moves their head so that the eye being photographed is 43-48 cm (17 to 19 inches) from the lens. The video camera sends images to the software running on the user's laptop. The Authenticam camera responds to a software power-on command. Then an image capture module is launched.

The PrivateID software captures a series of digital video images of the Subject's eye. Image quality metrics within the PrivateID software inspect the images for sufficient quality and iris content to ensure high confidence for a successful match outcome. Once a satisfactory image has been culled 230, the software provides an audible signal to inform the user that the image capture session is complete; this usually issues within seconds. If a satisfactory image cannot be captured within the allotted time (the default is set at 10 seconds), then the software provides an error signal to the Transaction Application. The Subject would then have to restart the process.

The client software 50 encrypts the captured image using an appropriate cryptographic algorithm. Then it compresses the captured image, codes the compressed image using the previously issued MAC, collects a pre-determined session identifier (SID) and service provider identifier (SPID) and assembles a message 240 for transmission to the management computer 20.

The client also provides a message 241 to allow the transaction to continue, and the service provider is enabled for biometric identity matching 222. The service provider then waits 223.

The management computer receives the message and checks it for validity using the MAC, that is, to ensure it has been received while the MAC is still valid 250. If it is not valid 251 then the process stops 252.

The message then has its integrity checked using a checksum, and is decompressed and decrypted. It is then passed through a Daugman Algorithm, or similar, to create an iriscode 260.
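The following is an added example, not code from the patent or from Iridian or TIBCO, of the management computer's side of the first aspect (issue a never-repeated code, accept the coded biometric only inside the time window) together with the validity and integrity checks at steps 250 and 260. The text does not say how the image is "coded" with the MAC, so binding the image, SID and SPID to the code through the checksum is this example's assumption, as is consuming a code on first presentation so a captured message cannot be replayed; the encrypted image, identifiers and clock are constructed stand-ins.

```python
import hashlib
import hmac
import os

CODE_VALIDITY_SECONDS = 90  # window the text reports as suitable for an iris capture


def _package_bytes(code, sid, spid, image):
    return b"|".join([code.encode(), sid.encode(), spid.encode(), image])


def assemble_message(code, encrypted_image, sid, spid):
    """Capture-apparatus side: bundle the already encrypted and compressed image
    with the issued code, session id and service-provider id, plus a checksum
    over the bundle (assumption: this is how the image is 'coded' with the MAC).
    A plain checksum catches corruption or alteration in transit; it is not a
    keyed authenticator, so the expiring single-use code carries the anti-replay load."""
    checksum = hashlib.sha256(_package_bytes(code, sid, spid, encrypted_image)).hexdigest()
    return {"code": code, "sid": sid, "spid": spid, "image": encrypted_image, "checksum": checksum}


class ManagementComputer:
    """Management-computer side: issue one-time codes, validate coded submissions.
    `clock` returns seconds and is injectable so the window can be tested."""

    def __init__(self, clock, validity=CODE_VALIDITY_SECONDS):
        self.clock = clock
        self.validity = validity
        self._outstanding = {}  # code -> first instant (issue time)
        self._seen = set()      # every code ever issued; none is issued twice

    def issue_code(self):
        code = os.urandom(16).hex()
        while code in self._seen:  # 128-bit random; loop enforces the never-reissued rule
            code = os.urandom(16).hex()
        self._seen.add(code)
        self._outstanding[code] = self.clock()
        return code

    def validate(self, msg):
        """Return (accepted, reason); on acceptance the image would next be
        decompressed, decrypted and sent to the authentication server."""
        second_instant = self.clock()
        issued_at = self._outstanding.pop(msg.get("code"), None)  # consumed on first use
        if issued_at is None:
            return False, "code unknown or already redeemed"  # forgery or replay
        if second_instant - issued_at >= self.validity:
            return False, "code expired"
        expected = hashlib.sha256(
            _package_bytes(msg["code"], msg["sid"], msg["spid"], msg["image"])).hexdigest()
        if not hmac.compare_digest(expected, msg["checksum"]):
            return False, "integrity check failed"  # corruption or alteration in transit
        return True, "ok"


def run_demo():
    """Exercise the rules with a constructed clock; returns (accepted, reason) per case."""
    now = [0.0]
    mc = ManagementComputer(clock=lambda: now[0])
    image = b"\x00constructed-encrypted-compressed-iris-image"  # stand-in ciphertext

    code = mc.issue_code()              # first instant = 0 s
    now[0] += 30                        # capture completed 30 s later
    msg = assemble_message(code, image, sid="S1", spid="SP1")
    fresh = mc.validate(msg)            # inside the window: accepted
    replay = mc.validate(msg)           # same message again: rejected

    late = mc.issue_code()
    now[0] += 90                        # whole window elapsed before submission
    expired = mc.validate(assemble_message(late, image, "S2", "SP1"))

    tampered = assemble_message(mc.issue_code(), image, "S3", "SP1")
    tampered["image"] = image + b"\x01"  # altered after the checksum was computed
    altered = mc.validate(tampered)

    forged = mc.validate(assemble_message("deadbeef", image, "S4", "SP1"))
    return {"fresh": fresh, "replay": replay, "expired": expired,
            "altered": altered, "forged": forged}
```

A production deployment would keep the outstanding-code table in shared storage, since the text anticipates several distributed management computers serving a check.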

The iriscode is then sent 270, via the middleware 130, to the authentication server 140 which attempts to match it 280 with a record in its secure database 150. The authentication server returns a result 290. The management computer interprets the result 300. If the result is a comparison failure 301, that result is logged and the process stops 302.

If the match is a success 310 the management computer receives the Customer Identification Number (ACIN) associated with the matched record back from the authentication server 140, via the middleware layer 130.

The management computer then assembles a message 320 containing the Customer Identification Number (ACIN) and the session identifier (SID), and sends this 330 to the service provider 120, via a second firewall 160, using the service provider identifier (SPID) to address it.

The service provider 120 has been enabled to receive a biometric identification signal and responds to the message from the management computer 20 by checking 340 whether the session identifier (SID) and Customer Identification Number (ACIN) are appropriate for the session or not. It does this by checking its own database to determine the rights available to the user having the ACIN found from matching. If that user does not have the appropriate rights for the session 341 the event is logged and the session ended 342.

In the event the customer has the right to conduct that session 350, they are permitted to proceed with the session transactions 215, and when they are finished the session ends 216.

Although FIG. 1 shows the management computer running at a single facility, in reality there would be multiple facilities for load sharing, redundancy and minimization of network latency.

Although the invention has been described with reference to a particular example it should be appreciated that it may be operated in other ways. For instance, a turnkey solution may alternatively be provided where a service provider houses the management computer on their own premises together with an AKITA application. Here the individual transactions of an application could require user identity matching before they can be performed. In this case transaction identifiers are sent to the management computer with the coded images, rather than session identifiers.

In a Guaranteed Identification Do it Yourself (GIDDiY) arrangement, the users create their own ‘customer identification numbers’ (ACINs), independent of third parties, and store them at trusted locations.

It will be appreciated by persons skilled in the art that numerous variations and/or modifications may be made to the invention as shown in the specific embodiments without departing from the spirit or scope of the invention as broadly described. The present embodiments are, therefore, to be considered in all respects as illustrative and not restrictive.

1. A method of performing a computerized identity matching management process, comprising: receiving a request from a capture apparatus; responding to the request to return a message to the capture apparatus at a first instant in time, the message containing a unique code, wherein receipt of the message at the capture apparatus causes initiation of a biometric capture process; after returning a message, receiving an encrypted biometric signal from the capture apparatus, wherein the encrypted biometric signal is coded, subsequent to the encryption, with the unique code at the capture apparatus, at a second instant in time; and when it is determined, based on the unique code, that the second instant is less than a predetermined time later than the first instant, decrypting the biometric signal and initiating a matching process to find a match for the decrypted biometric signal against stored records and generating an identification code when a match is found.
2. The method of claim 1, wherein the predetermined time is determined according to the time required for the biometric capture process.
3. The method of claim 1, further comprising checking the integrity of the encrypted biometric signal.
4. The method of claim 1, further comprising generating a template image of the decrypted biometric signal for matching against stored records.
5. The method of claim 1, further comprising providing the identification code to a service provider for comparison against a second set of stored records.
6. A computer readable storage medium storing a computer program which, when executed, performs a method of computerized identity matching management, the method comprising: receiving a request from a capture apparatus; responding to the request to return a message to the capture apparatus at a first instant in time, the message containing a unique code, wherein receipt of the message at the capture apparatus causes initiation of a biometric capture process; after returning a message, receiving an encrypted biometric signal from the capture apparatus, wherein the encrypted biometric signal is coded, subsequent to the encryption, with the unique code at the capture apparatus, at a second instant in time; and when it is determined, based on the unique code, that the second instant is less than a predetermined time later than the first instant, decrypting the biometric signal and initiating a matching process to find a match for the decrypted biometric signal against stored records and generating an identification code when a match is found.
7. The medium of claim 6, wherein a network of distributed management computers performs the method.
8. The medium of claim 7, wherein a privacy protection layer is located between the management computer and at least the capture apparatus.
9. The medium of claim 8, wherein a message oriented middleware platform is in communication with the, or each, management computer for facilitating secure communication between the management computers and at least the capture apparatus.
10. A computerized identity matching management system, comprising: means for receiving a request from a capture apparatus; means for responding to the request to return a message to the capture apparatus at a first instant in time, the message containing a unique code, wherein receipt of the message at the capture apparatus causes initiation of a biometric capture process; means for, after returning a message, receiving an encrypted biometric signal from the capture apparatus, wherein the encrypted biometric signal is coded, subsequent to the encryption, with the unique code at the capture apparatus, at a second instant in time; and means for, when it is determined, based on the unique code, that the second instant is less than a predetermined time later than the first instant, decrypting the biometric signal and initiating a matching process to find a match for the decrypted biometric signal against stored records and generating an identification code when a match is found.
11. The system of claim 10, further comprising an authentication server configured to perform the matching process to find a match for the biometric signal against stored records and to generate an identification code when a match is found.
12. The system of claim 11, wherein the system is configured to receive identity information data provided by a user when using the identity matching process and/or data routed back from the authentication server to a service provider such that the user does not risk their privacy when having their identity checked.
13. The system of claim 10, wherein the system is incorporated into a service provider computer system.